AMENDMENT IN THE CLAIMS:

Please amend claims 1, 6, and 11 as set forth in the complete claim listing below.
This listing of claims will replace all prior versions and listings of claims in the
application.



1. (Currently Amended) A method of providing a Certificate Status Service
("CSS") for checking validities of authentication certificates issued by respective issuing
Certification Authorities ("CAs"), comprising the steps of:

receiving one or more certificate status queries from requesting entities;

if the issuing CAs are not found on a CSS's list of approved CAs or the
certificates have expired, returning invalid statuses for those certificates;

if the current certificate statuses are found in a CSS cache memory, returning
those certificates' statuses;

if any certificate statuses have not yet been determined, fetching, from a
CSS configuration store, all certificate status reporting methods and communications
information that are needed for retrieving, from the respective issuing CAs, a certificate
status of each certificate whose status has not yet been determined;

configuring connectors based on the identified information for communicating
with the issuing CAs;

communicating with the issuing CAs according to the configured connectors;

retrieving the certificate statuses of all queried certificates;

processing the certificate statuses according to the appropriate certificate
status reporting methods that may include, but are not limited to, Certificate
Revocation Lists (CRLs) that are retrieved at specified publication intervals and Delta
Certificate Revocation Lists (ΔCRLs) that are retrieved upon notification, and LDAP,
OCSP, and any other certificate status means that retrieve certificate statuses in real
time;

recording retrieved certificate statuses in the CSS cache memory;

returning the retrieved certificate statuses to the requesting entities;

wherein the issuing CAs and connector parameters, which enable the CSS to
interwork with any CAs and CA domains even though the CSS and issuing CAs may
operate using dissimilar certificate practices and policies, are designated on a list of
approved CAs in the CSS configuration store.

2. (Currently Amended) The method of claim 1, wherein a certificate
indicating a validity period is deemed to have expired if a local date and time fall outside
the validity period.

3. (Currently Amended) The method of claim 2, wherein the issuing CA is
added to at least one organization's list of approved CAs by vetting and approving the
issuing CA according to predetermined business rules, wherein the business rules include
at least one rule for reviewing the acceptability of the CA's certificate policy and
practices for insuring the identity of the entity requesting the certificate, and if the issuing
CA is vetted and not approved or later disapproved, the issuing CA is added to the at least
one organization's list of not-approved CAs in the CSS configuration store and/or has
any prior entry removed from the at least one organization's list of approved CAs.

4. (Currently Amended) The method of claim 3, wherein vetting and
approving the issuing CA include registering a representation of a trusted authentication
certificate of the CA with the CSS and adding, to the CSS configuration store, at least
the certificate status reporting component of the CA, the certificate status
reporting method including, but not limited to, CRL, OCSP, LDAP, a time-to-live
data element, and communication information needed to configure a connector.

5. (Currently Amended) The method of claim 4, further comprising the steps
of:

checking and updating the CSS cache memory for the queried
certificate status, and if the queried certificate status is found in the CSS cache
memory, checking that the local date and time are within the certificate's validity period
and that the time-to-live data element and use-counter values are within a threshold;

if any of the validity period, time-to-live data element, or use-counter values are
unacceptable, clearing the CSS cache memory, wherein if the certificate status is
not found in the CSS cache memory, the CSS establishes a communication session
with the certificate status reporting component of the issuing CA, composes a certificate
status request using one of the CRL or real-time reporting methods according to the
configured connector, retrieves the certificate status from the certificate status reporting
component, closes the communication session with the certificate status reporting
component, and adds at least one of the certificate's identification, certificate's status,
use-counter, and time-to-live data element to the CSS cache memory.

6. (Currently Amended) The method of claim 1, wherein the certificate status
reporting method is indicated to be a Certificate Revocation List, according to a
publication schedule of the issuing CA, wherein the CSS retrieves the CRL from a
certificate status reporting component listed in the CSS configuration store, the CSS
clears the CSS cache memory associated with the issuing CA, and the CSS extracts the
certificate statuses of all authentication certificates from the CRL and stores the
certificate statuses in the cache memory associated with the issuing CA.

7. (Currently Amended) The method of claim 1, wherein the certificate status
reporting method is indicated to be a ΔCRL, wherein upon notification by the issuing CA
that the ΔCRL is available, the CSS retrieves the ΔCRL from a certificate status
reporting component listed in the CSS configuration store and if the ΔCRL is a full CRL,
then the CSS clears the CSS cache memory associated with the issuing CA, extracts all
certificate statuses from the CRL, and stores the certificate statuses in the CSS cache
memory, and if the ΔCRL contains changes occurring after publication of a full CRL, the
CSS extracts all certificate statuses from the ΔCRL and stores the certificate statuses in
the CSS cache memory.
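The per-CA cache refresh recited in claims 6 and 7, and the CRL-type lookup rule of claim 11, as an added illustration that is not the applicant's code: a CRL is modelled as its revoked serial numbers plus a next-publication time (a hypothetical simplification, no X.509 parsing), and a ΔCRL either replaces the cache when it is really a full CRL or merges the changes published since the base CRL.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class CaCrlCache:
    """Cache memory associated with one issuing CA: serials the last CRL listed
    as revoked, plus the time after which that CRL is no longer current."""
    revoked: Set[str] = field(default_factory=set)
    next_update: Optional[float] = None


def apply_full_crl(cache: Dict[str, CaCrlCache], ca: str,
                   next_update: float, revoked: Set[str]) -> None:
    """Claim 6: clear the CA's cache, then store the statuses extracted from the
    full CRL (the revoked serials) together with its publication window."""
    cache[ca] = CaCrlCache(set(revoked), next_update)


def apply_delta_crl(cache: Dict[str, CaCrlCache], ca: str, is_full_crl: bool,
                    next_update: float, newly_revoked: Set[str]) -> None:
    """Claim 7: on notification, a delivered list that is really a full CRL
    replaces the CA's cache; otherwise only the changes since the base CRL are merged."""
    if is_full_crl:
        apply_full_crl(cache, ca, next_update, newly_revoked)
        return
    if ca not in cache:
        # A delta is meaningless without the base CRL it amends.
        raise ValueError(f"no base CRL cached for {ca}; fetch the full CRL first")
    entry = cache[ca]
    entry.revoked |= set(newly_revoked)
    entry.next_update = next_update


def status_from_crl_cache(cache: Dict[str, CaCrlCache], ca: str,
                          serial: str, now: float) -> str:
    """Claim 11 rule for the CRL status type: "revoked" if the serial is listed,
    "valid" if the cached CRL is current and the serial is absent, otherwise
    "unknown", meaning the CSS must fetch a new CRL at the next publication time."""
    entry = cache.get(ca)
    if entry is None or entry.next_update is None or now > entry.next_update:
        return "unknown"
    return "revoked" if serial in entry.revoked else "valid"


if __name__ == "__main__":
    # Constructed sample data: one CA, a full CRL, then a delta that revokes one more serial.
    demo: Dict[str, CaCrlCache] = {}
    apply_full_crl(demo, "Example CA", next_update=1000.0, revoked={"0A1B"})
    apply_delta_crl(demo, "Example CA", False, next_update=2000.0, newly_revoked={"0C2D"})
    for s in ("0A1B", "0C2D", "0E3F"):
        print(s, status_from_crl_cache(demo, "Example CA", s, now=1500.0))
```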
8. (Previously Presented) The method of claim 1, wherein the
communicating step includes communicating according to a plurality of connectors to
multiple CAs and PKIs.

9. (Currently Amended) The method of claim 1, wherein the connectors
allow more than one certificate status request to be chained together in
a single communicating step between the CSS and the issuing CA.

10. (Currently Amended) The method of claim 1, wherein the certificates are
held in the CSS configuration store until expiration and information is extracted as
needed.

11. (Currently Amended) The method of claim 1, wherein the retrieving of the
statuses of the certificates issued by the approved CAs in
response to queries from a trusted third-party repository of information objects to
the CSS to validate the certificate statuses comprises the
steps of:

locating and reporting the certificate statuses if the certificate
statuses are present and current in the CSS cache memory;

if no certificate statuses are present in the CSS cache memory,
performing the steps of:

obtaining the communications information, certificate status types,
and retrieval methods from the CSS configuration store;

if the certificate status type is CRL and the CRL in the CSS cache
memory is current, and the certificate statuses are not found in the CSS cache memory,
then reporting the certificate statuses as valid; and

if the certificate status type is CRL, the CRL is not current or found in the
CSS cache memory, and local time is greater than a next scheduled publication time for
the CRL, or if the certificate status type is not CRL,

creating connectors and composing certificate status
requests according to the certificate status type;

establishing communication sessions with the certificate
status reporting components of the issuing CAs;

retrieving the certificate statuses from the certificate status
reporting components using the obtained retrieval methods and ending the
communication sessions;

interpreting the retrieved certificate statuses;

associating, with the interpreted retrieved certificate statuses,
time-to-live values representing periods specified by the respective CSS
policies for the certificate status types;

adding at least one of the certificate's identification, certificate
status and time-to-live values to the CSS cache memory; and

reporting the certificate statuses to the trusted third-party
repository of information objects.
12. (Canceled)

13. (Canceled) 

14. (Canceled) 

15. (Currently Amended) The method of claim 1 for providing certificate
status reports for authentication certificates issued by the approved CAs further
comprising:

reporting valid certificate statuses when the certificate status type is CRL,
the CRL is current, and the certificate statuses are not found in the CSS cache
memory;

reporting the certificate statuses when the certificate statuses are found in the
CSS cache memory and the time-to-live and use-counter values have not exceeded
respective thresholds; otherwise,

if either the time-to-live or use-counter values have exceeded
respective thresholds, clearing the certificate statuses from the CSS cache memory;

if the certificate statuses have not been reported in a previous step, then
requesting and retrieving the certificate statuses using the certificate status type indicated
in the CSS configuration store;

when the status type is CRL, retrieving and parsing the new CRL at a next
indicated publication time;

when the certificate status type is at least one of the type LDAP, OCSP, and any
other real-time certificate status reporting protocol, retrieving and parsing the certificate
status;

adding at least one of the certificate's identification, certificate status, time-to-live
and use-counter values to the CSS cache memory; and

reporting the retrieved certificate statuses to the requesting entity.

16. (Currently Amended) The method of claim 15, wherein a certificate
status use-counter data element is added to the CSS's certificate status cache memory,
wherein the certificate status use-counter data element is incremented or decremented
every time the certificate's status is checked, and if the certificate status use-counter data
element exceeds a respective threshold, then the certificate status is reported
and the CSS cache memory is cleared with respect to the certificate status.

17. (Currently Amended) The method of claim 16, wherein a certificate
status last-accessed data element is added to the CSS cache memory, and the certificate
status last-accessed data element in conjunction with the certificate status use-counter
data element enable the CSS to determine an activity level of the certificate's status.

18. (Currently Amended) The method of claim 17, wherein when a
request is made to the CSS to retrieve a certificate status of a new certificate and the CSS
cache memory has reached an allocated memory size limit, the CSS searches the
CSS cache memory for every certificate status entry where the current time exceeds the
time-to-live value, for every certificate status entry where the value of the use-counter
data element exceeds the threshold, and for the at least one certificate status entry
with the oldest last-accessed value, wherein the CSS then clears the respective CSS cache
memory entries, retrieves the requested certificate status, places the certificate status in
the CSS cache memory, and reports the requested certificate status to the requesting
entity.
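The CSS cache-memory behaviour recited in claims 1, 2, 5 and 15 through 18 (approved-CA and expiry pre-checks, time-to-live, use-counter, last-accessed data element, and eviction when the allocated size limit is reached), as an added illustration that is not the applicant's code. The connector to the issuing CA's status reporting component is abstracted as a `fetch` callback (an assumption), and times are plain floats.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class CacheEntry:
    status: str           # status as returned by the issuing CA's reporting component
    ttl_expires: float    # time after which the entry is stale (time-to-live, claim 11)
    use_counter: int      # incremented on every check (claim 16)
    last_accessed: float  # activity level of the status (claim 17)


class CertificateStatusService:
    def __init__(self, approved_cas, ttl_by_type: Dict[str, float], use_threshold: int,
                 max_entries: int, fetch: Callable[[str, str], Tuple[str, str]]):
        self.approved_cas = set(approved_cas)  # approved-CA list from the CSS configuration store
        self.ttl_by_type = ttl_by_type         # CSS policy: time-to-live per status type (CRL, OCSP, ...)
        self.use_threshold = use_threshold
        self.max_entries = max_entries         # allocated cache memory size limit (claim 18)
        self.fetch = fetch                     # configured connector: (ca, serial) -> (status, status type)
        self.cache: Dict[Tuple[str, str], CacheEntry] = {}

    def query(self, ca: str, serial: str, validity: Tuple[float, float], now: float) -> str:
        # Claim 1 / claim 2: a CA absent from the approved list, or a certificate whose
        # validity period does not contain the local time, is invalid with no CA round trip.
        not_before, not_after = validity
        if ca not in self.approved_cas or not (not_before <= now <= not_after):
            return "invalid"
        key = (ca, serial)
        entry = self.cache.get(key)
        if entry is not None:
            if now > entry.ttl_expires:
                del self.cache[key]       # claim 15: stale entry is cleared, then re-fetched below
            else:
                entry.use_counter += 1
                entry.last_accessed = now
                if entry.use_counter > self.use_threshold:
                    del self.cache[key]   # claim 16: report the status, then clear it
                return entry.status
        if len(self.cache) >= self.max_entries:
            self.evict(now)
        # Claim 5: session with the CA's reporting component through the configured connector.
        status, status_type = self.fetch(ca, serial)
        self.cache[key] = CacheEntry(status, now + self.ttl_by_type[status_type], 1, now)
        return status

    def evict(self, now: float) -> List[Tuple[str, str]]:
        """Claim 18 cleanup when the size limit is reached: drop every entry past its
        time-to-live or over the use-counter threshold, plus the least recently accessed one."""
        victims = [k for k, e in self.cache.items()
                   if now > e.ttl_expires or e.use_counter > self.use_threshold]
        if self.cache:
            oldest = min(self.cache, key=lambda k: self.cache[k].last_accessed)
            if oldest not in victims:
                victims.append(oldest)
        for k in victims:
            del self.cache[k]
        return victims


if __name__ == "__main__":
    # Constructed stand-in for the connector: pretend serial "R" is revoked via OCSP.
    def demo_fetch(ca: str, serial: str) -> Tuple[str, str]:
        return ("revoked" if serial == "R" else "valid", "OCSP")

    css = CertificateStatusService({"Example CA"}, {"OCSP": 60.0, "CRL": 3600.0}, 5, 100, demo_fetch)
    for t in (0.0, 10.0, 100.0):  # third check is past the 60 s time-to-live
        print(t, css.query("Example CA", "R", (0.0, 1e9), t), len(css.cache))
```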

19. (Withdrawn) A method of executing a transaction between a first party and a
second party by transferring control of an authenticated information object having a
verifiable evidence trail, comprising the steps of:

retrieving an authenticated information object from a trusted third-party
repository of information objects, wherein the authenticated information object includes a
first digital signature block comprising a digital signature of a submitting party and a first
authentication certificate relating at least an identity and a cryptographic key to the
submitting party, a date and time indicator, and a second digital signature block
comprising a second digital signature of the trusted third-party repository of information
objects and a second authentication certificate relating at least an identity and a
cryptographic key to the trusted third-party repository of information objects; the first
digital signature block was validated by the trusted third-party repository of information
objects; and the authenticated information object is stored as an authoritative copy
information object under the control of the trusted third-party repository of information
objects;

executing the retrieved authenticated information object by the second party by
including in the retrieved authenticated information object a third digital signature block
comprising at least a third digital signature and a third authentication certificate of the
second party; and

MAR-03-2010 10:37  Ober, Kaler, Grimes & Shriver  410 547 0699

Application of Stephen F. Bisbee et al.
Application No. 10/620,817
Attorney Docket No. 030538.084282
Page 11

forwarding the executed retrieved authenticated information object to a trusted
third-party repository of information objects, wherein the trusted third-party repository of
information objects verifies digital signatures and validates authentication certificates
associated with the digital signatures included in information objects by at least retrieving
status of the authentication certificates from a Certificate Status Service ("CSS")
provided according to claim 1; the trusted third-party repository of information objects
rejects a digital signature block if the respective digital signature is not verified or the
status of the respective authentication certificate is expired or is revoked; and if at least
one signature block in the information object is not rejected, the trusted third-party
repository of information objects appends the trusted third-party repository's digital
signature block and a date and time indicator to the information object and takes control
of the object on behalf of the first party.



20. (Withdrawn) The method of claim 19, wherein a signature block includes at
least one hash of at least a portion of the information object in which the signature block
is included, the at least one hash is encrypted by the cryptographic key of the block's
respective signer, thereby forming the signer's digital signature, and the signer's digital
signature is included in the signature block with the signer's authentication certificate.

21. (Withdrawn) The method of claim 20, wherein the executing step includes
displaying a local date and time to the second party, affirming, by the second party, that
the displayed local date and time are correct, and correcting the local date and time if
either is incorrect.
22. (Withdrawn) The method of claim 19, wherein if the trusted third-party
repository of information objects rejects a digital signature block, the trusted third-party
repository of information objects requests a remedy that requires the digital signature to
be recomputed and the signature block to be reforwarded.

23. (Withdrawn) The method of claim 19, wherein the trusted third-party 
repository of information objects checks the local date and time for accuracy and that 
they are within a validity period indicated by the second party's authentication certificate. 

24. (Withdrawn) The method of claim 23, wherein if the local date and time are 
not within the validity period indicated by the second party's authentication certificate, 
the trusted third-party repository of information objects notifies the second party that the 
authentication certificate is rejected and the first party that the transaction is incomplete. 

25. (Withdrawn) The method of claim 19, wherein one or more digitized
handwritten signatures are included in the information object, and placement of the
digitized handwritten signatures in a data structure is specified by at least one signature
tag.

26. (Withdrawn) The method of claim 19, wherein placement of one or more
signature blocks in a data structure is specified by at least one signature tag.
27. (Withdrawn) The method of claim 26, wherein one or more signature blocks
are separately forwarded to the trusted third-party repository of information objects with
respective signature tags, and the trusted third-party repository of information objects
validates the signature blocks by:

rejecting a signature block if either the respective digital signature is not verified 
or the respective authentication certificate is not validated, and 

placing the signature block according to the respective signature tag if the
signature block is not rejected,

wherein, for signature blocks sent separately, the trusted third-party repository of
information objects adds a date and time indication to each signature block and appends
according to business rules the trusted third-party repository's signature block in a
wrapper that encompasses the information object and placed signature blocks.

28. (Withdrawn) The method of claim 27, wherein the trusted third-party
repository of information objects verifies a digital signature and validates an
authentication certificate in a signature block by:

determining from the business rules whether a party associated with the
authentication certificate has authority, verifying the party's digital signature, checking
that the authentication certificate's validity period overlaps the trusted third-party
repository's current date and time,

checking that the local date and time falls within an allowable deviation from the
trusted third-party repository's current date and time, and

retrieving status of the authentication certificate from the CSS, and

if any of the preceding steps results in an invalid or false output, the digital
signature is deemed invalid, the transaction is not executed, otherwise the digital
signature is deemed valid and the transaction is executed.

29. (Withdrawn) The method of claim 19, wherein the CSS provides
authentication certificate status to the trusted third-party repository of information objects
by at least the steps of checking a local cache memory for the status, and if the status is
found in the local cache memory and the local date and time are within the validity
period, and retrieving the status from the local cache memory; or if the time-to-live or
use-counter threshold is exceeded clearing the cache memory entry, wherein if the status
is not found in the local cache memory, the CSS establishes a communication session
with a certificate status reporting component of the issuing CA, composes a certificate
status request, retrieves the status from the certificate status reporting component, closes
the communication session with the certificate status reporting component, and adds at least
the authentication certificate's identification, status, and a time-to-live data element to the
local cache memory.

30. (Withdrawn) The method of claim 19, wherein the first party is a first trusted
third-party repository of information objects and the transaction is for transferring
custody of one or more authoritative copies to the first trusted third-party repository of
information objects from a second trusted third-party repository of information objects,
an owner of the transaction provides the second trusted third-party repository of
information objects with a manifest that identifies authoritative copies to be transferred to
the first trusted third-party repository of information objects, the second trusted third-
party repository of information objects establishes communication with the first trusted
third-party repository of information objects and identifies the purpose of its actions, the
manifest is communicated to the first trusted third-party repository of information objects
so that it is able to determine when the transfer of custody has been completed, the
second trusted third-party repository of information objects transfers each identified
authoritative copy to the first trusted third-party repository of information objects, the
first trusted third-party repository of information objects retrieves status of the second
trusted third-party repository's certificate and verifies the second trusted third-party
repository's digital signature on each transferred authoritative copy, if any of the second
trusted third-party repository's digital signatures or certificates are invalid, then the first
trusted third-party repository of information objects notifies the second trusted third-party
repository of information objects and seeks a remedy; if the second trusted third-party
repository of information objects does not provide a remedy, the first trusted third-party
repository of information objects notifies the transaction owner that the requested transfer
of custody has failed, otherwise the second trusted third-party repository of information
objects creates a new wrapper for each successfully transferred information object,
adding a date-time stamp and the first trusted third-party repository's signature block.

31. (Withdrawn) The method of claim 30, wherein the transaction is a transfer of
ownership in response to an instruction, transfer of ownership documentation is placed in
either the first trusted third-party repository of information objects or the second trusted
third-party repository of information objects, the trusted third-party repository of
information objects having the transfer of ownership documentation validates
authenticity of the transfer of ownership documentation by verifying all digital
signatures, certificate validity periods, and using the CSS to check certificate status of all
authentication certificates included in the transfer of ownership documentation, appends a
date and time indication, and digitally signs, wraps and stores the transfer of ownership
documentation, which are added to the manifest.

32. (Withdrawn) The method of claim 19, wherein certificate status is indicated to
the CSS by a Certificate Revocation List ("CRL"), according to a publication schedule of
the issuing CA, the CSS retrieves the CRL from a certificate status reporting component 
listed in the configuration store, the CSS clears a cache memory associated with the 
issuing CA, and the CSS determines the status of the authentication certificate from the 
CRL and stores the status in the cache memory associated with the issuing CA. 

33. (Withdrawn) The method of claim 19, wherein certificate status is indicated to
the CSS by a Delta Certificate Revocation List ("ΔCRL"); upon notification by the
issuing CA that a ΔCRL is available, the CSS retrieves the ΔCRL from a certificate status
reporting component listed in the configuration store; if the ΔCRL is a complete CRL,
then the CSS clears a cache memory associated with the issuing CA, determines the
status from the CRL, and stores the status in the cache memory; and if the ΔCRL contains
only changes occurring after publication of a full CRL, the CSS determines the status
from the ΔCRL, and stores the status in the cache memory.
34. (Previously Presented) The method of claim 18, wherein a cleanup process
removes all stale cache entries as required when new CRLs or ΔCRLs are retrieved, one
of the thresholds is exceeded, or freeing up of cache is required.

35. (Currently Amended) The method of claim 1, wherein any CSS can query
any other CSS for the certificate status if the other CSS is designated in the CSS
configuration store as an approved certificate status reporting component for the issuing
CA.